Bug 5852 - Upgrade GnuTLS to latest version
Summary: Upgrade GnuTLS to latest version
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Build system (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.7.0
Assignee: Karl Mikaelsson
URL:
Keywords: hean01_tester, relnotes, thomas_tester
Depends on:
Blocks:
 
Reported: 2016-04-22 16:44 CEST by Pierre Ossman
Modified: 2016-09-23 10:07 CEST (History)
2 users (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2016-04-22 16:44:18 CEST
We're on 3.4.7 but 3.4.11 is available. No CVE has been issued since our last upgrade though.
Comment 2 Karl Mikaelsson cendio 2016-06-20 13:26:02 CEST
GnuTLS has been upgraded from 3.4.7 to 3.5.1.

CVE:s fixed since 3.4.7:

 * GNUTLS-SA-2016-1/CVE-2016-4456
   File overwrite by setuid programs

   Introduced in 3.4.12, fixed in 3.4.13 - we were never affected
   by this.


I've verified that the http/https detection still works, and that Firefox and Google Chrome are happy with the selected cryptos with tlstunnel on x86_64.
Comment 3 Thomas Nilefalk cendio 2016-06-23 13:54:52 CEST
Mime-type property was lost on new tar-file. Added application-x/xz.
Comment 5 Thomas Nilefalk cendio 2016-06-23 15:44:31 CEST
Verified commit and that Chavez is building with new libs. Tested with webadmin and webaccess with 2048 and 4096 bit keys.

Note You need to log in before you can comment on or make changes to this bug.